httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch>
Subject Re: Remove <Limit> and <LimitExcept> ?
Date Sun, 19 Sep 2010 18:38:50 GMT
On Sunday 19 September 2010, Ruediger Pluem wrote:
> On 09/19/2010 12:45 AM, Stefan Fritsch wrote:
> > What do other people think about removing <Limit> and
> > <LimitExcept>  and adding mod_allowmethods from the sandbox to
> > easily forbid some methods? Or would this create too much
> > trouble when upgrading configurations?
> >
> > BTW, we could also add an authz provider to allow things like
> >
> > Require method GET,HEAD,...
> >
> > Though this would be slower than mod_allowmethods because authz 
> > providers have to parse the require line on every request.

This is done, including parsing the require line only once, which has 
the added benefit of catching typos while reading the config.

I would still add mod_allowmethods, because it is really nice for 
globally disabling some methods while not having to worry about authz 
section merging. Anybody disagrees?

> Hm. I don't like it to be removed until be have an agreed
> alternative in trunk. And the question is whether we should still
> do this after we had a first beta release.

Sounds reasonable. But if we intend to remove Limit/LimitExcept in 2.4 
but leave it in the first beta, it should log a really big warning 
that it will be removed in 2.4.

View raw message